1
22
23 package com.liferay.portal.security.auth;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.util.Base64;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.StringPool;
31 import com.liferay.portal.service.UserLocalServiceUtil;
32
33 import java.util.StringTokenizer;
34
35 import javax.servlet.http.HttpServletRequest;
36 import javax.servlet.http.HttpServletResponse;
37
38
72 public class BasicAuthHeaderAutoLogin implements AutoLogin {
73
74 public String[] login(
75 HttpServletRequest request, HttpServletResponse response)
76 throws AutoLoginException {
77
78 try {
79 String[] credentials = null;
80
81
83 String authorization = request.getHeader("Authorization");
84
85 if (authorization == null) {
86 return credentials;
87 }
88
89 StringTokenizer st = new StringTokenizer(authorization);
90
91 if (!st.hasMoreTokens()) {
92 return credentials;
93 }
94
95 String basic = st.nextToken();
96
97
99 if (!basic.equalsIgnoreCase(HttpServletRequest.BASIC_AUTH)) {
100 return credentials;
101 }
102
103 String encodedCredentials = st.nextToken();
104
105 if (_log.isDebugEnabled()) {
106 _log.debug("Encoded credentials are " + encodedCredentials);
107 }
108
109 String decodedCredentials = new String(
110 Base64.decode(encodedCredentials));
111
112 if (_log.isDebugEnabled()) {
113 _log.debug("Decoded credentials are " + decodedCredentials);
114 }
115
116 int pos = decodedCredentials.indexOf(StringPool.COLON);
117
118 if (pos == -1) {
119 return credentials;
120 }
121
122 long userId = GetterUtil.getLong(
123 decodedCredentials.substring(0, pos));
124 String password = decodedCredentials.substring(pos + 1);
125
126 try {
127 UserLocalServiceUtil.getUserById(userId);
128
129 credentials = new String[3];
130
131 credentials[0] = String.valueOf(userId);
132 credentials[1] = password;
133 credentials[2] = Boolean.TRUE.toString();
134 }
135 catch (NoSuchUserException nsue) {
136 if (_log.isWarnEnabled()) {
137 _log.warn(userId + " is not a valid user id");
138 }
139 }
140
141 return credentials;
142 }
143 catch (Exception e) {
144 throw new AutoLoginException(e);
145 }
146 }
147
148 private static Log _log =
149 LogFactoryUtil.getLog(BasicAuthHeaderAutoLogin.class);
150
151 }